'Old-school' Sun server worm surfaces

The attack scans servers to check whether the remote Telnet log-on ability is enabled

Sun Microsystems' Solaris servers are being hit by a "throwback" worm attack that targets a little-used network protocol. 

The attack involves a vulnerability in the Telnet connection system for Solaris 10 systems. 

Telnet is a networking protocol that traces its roots to the early days of the internet. Security concerns have left the component widely unused as a method for remotely connecting to a server for several years.

Sun has already released a patch for the vulnerability along with a program for removing the malware launched by the attack.

However, researchers said that most responsible administrators should have long ago removed the ability to use Telnet to remotely log-in to a server.

"We have been telling people for years not to use Telnet," a Sun spokesperson told vnunet.com. 

The attack scans servers to check whether the remote Telnet log-on ability is enabled. When the worm finds a vulnerable system, it installs a back-door which allows an attacker to remotely log-in to the server.

The worm also displays messages that refer to older worm programs, according to Symantec. 

Jose Nazario, senior security engineer at Arbor Networks, said on a company blog: "[This is] very old school [and] reminds me of the old ADM worms I saw back in the late 90s that got me interested in self-propagating malware in the first place." 

Users wishing to protect themselves against the attack can download a patch from Sun's website.

"Better yet, just disable Telnet," said Nazario. "It is 2007 after all."